Discord CDN & Malware

General
1

I found this article today and was wondering, how does Discord not know about this rampant issue?

Yes, The article is a bit outdated however based on our research. The issue is still persistent on Discord’s CDN.

What do other people think about Discord just not even scanning files for malware before allowing them to be uploaded to their CDN?

Anyways, As always.
Your thoughts in this topic are welcome in the comment section of this thread.

2

If you use Discord, there’s settings that allow you to scan files.

  1. Scan every file
  2. Scan every file expect from people on your friends list
  3. Don’t scan anything

If Discord detects malicious files, it’ll warn the user about potential malware, however the user still can download the file or go back.

But this applies to messages only, since if you go to a CDN Discord link the user doesn’t get warned.

1 Like
3

But the thing is, IQ.

Scammers need to make humans believe that it is not an scam.
So if you’re smart, probabilities you won’t get scammed.
Dont fall for “bitcoin” scams or any “free robux” scams.

I also saw someone asking if the website was malicious and the scammer said “Yes” :rofl: :person_facepalming:

1 Like
4

That’s the main problem.

Discord only warns the user inside the Discord app.
However, We have observed many websites that basically store malicious stuff on Discord’s content deliver network.

Scenario 1:

Situation Start

  • User visits malicioussite.com and clicks the download button.

  • Website downloads file from Discord CDN and does not show any warning since warnings are only displayed in the Discord App.

  • User gets infected if neither Google SafeBrowsing or Microsoft Smart Screen detects the malware.

Situation End

Our team has been detecting these issues for some time now, and we acknowledge that Discord has made quite a lot of improvements in the safety of their application by adding the “Malicious File Warning”

new-alert-when-you-download-executable-files-v0-m0lyk1us6fh81
new-alert-when-you-download-executable-files-v0-m0lyk1us6fh81695×503 60.5 KB

However, The issue is still a pretty bad issue in the end. We are still continueing to report issues to Discord (Webhooks, and malicious CDN links)

They are pretty speedy when taking action against the malicious content in their CDN.

5

7kufyx

This is something that is a pretty funny meme according to r/discordapp

1 Like
6

Yeah, I saw that.
There’s another version of it too.

1 Like